CVE-2022-40716
Published 2022-09-23
Priority: P3 (36) · CVSS 3.1: 6.5 (medium)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS: 0.83% (52.8th percentile)
HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13.1 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling leverage of privileged access to bypass service mesh intentions. Fixed in 1.11.9, 1.12.5, and 1.13.2.
Affected (7 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | consul | — | — |
| github.com | hashicorp_consul | >= 0 < 1.11.9 | 1.11.9 |
| github.com | hashicorp_consul | >= 1.12.0 < 1.12.5 | 1.12.5 |
| github.com | hashicorp_consul | >= 1.13.0 < 1.13.2 | 1.13.2 |
| hashicorp | consul | < 1.11.9 | 1.11.9 |
| hashicorp | consul | >= 1.12.0 < 1.12.5 | 1.12.5 |
| hashicorp | consul | >= 1.13.0 < 1.13.2 | 1.13.2 |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
| osv | — | 6.5 | MEDIUM | — |
| vendor_debian | — | 6.5 | MEDIUM | — |
| vendor_redhat | — | 6.5 | MEDIUM | — |
Red Hat
consul: Consul Service Mesh Intention Bypass with Malicious Certificate Signing Request
vendor_redhat · 2022-09-23 · CVSS 6.5 · MEDIUM · CWE-252
A flaw was found in the HashiCorp Consul package. In the affected versions of this package, a specially crafted CSR sent directly to Consul’s internal server agent RPC endpoint can include multiple SAN URI values with additional service names.
Package: openshift-logging/logging-loki-rhel9 (Logging Subsystem for Red Hat OpenShift) - Not affected
Package: rhacm2/acm-grafana-rhel8 (Red Hat Advanced Cluster Management for Kubernetes 2) - Will n
Debian
CVE-2022-40716: consul
vendor_debian · 2022 · CVSS 6.5 · MEDIUM
Scope: local
bullseye: open
OSV
HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul
osv · 2024-08-21
OSV
HashiCorp Consul vulnerable to authorization bypass
osv · 2022-09-25 · MEDIUM
HashiCorp Consul and Consul Enterprise versions prior to 1.11.9, 1.12.5, and 1.13.2 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling leverage of privileged access to bypass service mesh intentions. A specially crafted CSR sent directly to Consul’s internal server agent RPC endpoint can include multiple SAN URI values with additional service names. This issue has been fixed in versions 1.11.9, 1.12.5, and 1.13.2. There are no known workarounds.
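As an added illustration of the check the advisory describes as missing (example code, not Consul's own): SingleURISAN parses a PEM-encoded CSR, verifies its self-signature and accepts it only when it carries exactly one URI SAN, and BuildCSR constructs test CSRs to exercise it. The SPIFFE-style identities passed in are constructed and illustrative.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"net/url"
)

// ErrSANCount: the CSR does not carry exactly one URI SAN.
var ErrSANCount = errors.New("csr must carry exactly one URI SAN")

// SingleURISAN parses a PEM CSR, checks its self-signature and returns the
// one URI SAN a mesh leaf certificate may carry. Zero or several URI SANs
// are rejected: the count check the advisory describes as missing.
func SingleURISAN(csrPEM []byte) (*url.URL, error) {
	block, _ := pem.Decode(csrPEM)
	if block == nil || block.Type != "CERTIFICATE REQUEST" {
		return nil, errors.New("no CERTIFICATE REQUEST block")
	}
	csr, err := x509.ParseCertificateRequest(block.Bytes)
	if err != nil {
		return nil, err
	}
	if err := csr.CheckSignature(); err != nil {
		return nil, err
	}
	if len(csr.URIs) != 1 {
		return nil, ErrSANCount
	}
	return csr.URIs[0], nil
}

// BuildCSR makes a constructed test CSR carrying the given URI SANs under a
// fresh P-256 key (test input only; the identities callers pass are illustrative).
func BuildCSR(uris ...*url.URL) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.CertificateRequest{URIs: uris}
	der, err := x509.CreateCertificateRequest(rand.Reader, tmpl, key)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE REQUEST", Bytes: der}), nil
}
```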
GHSA
HashiCorp Consul vulnerable to authorization bypass
ghsa · 2022-09-25 · MEDIUM · CWE-252
OSV
CVE-2022-40716: HashiCorp Consul and Consul Enterprise up to 1
osv · 2022-09-23 · CVSS 6.5 · MEDIUM
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
- https://discuss.hashicorp.com/t/hcsec-2022-20-consul-service-mesh-intention-bypass-with-malicious-certificate-signing-request/44628
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/